Moving applications and development to the cloud has delivered both operational and security benefits at scale. However, as organizations begin to automate their infrastructure deployments and configurations using Infrastructure as Code (IaC), a new attack vector has been introduced. In addition, the move to cloud-native architectures increases the use of APIs connecting client applications to cloud-hosted, microservices-based solutions, introducing another new entry point for adversaries. While scanning for security vulnerabilities in application source code and on-premise network configurations is a standard security protocol, many organizations have yet to focus sufficient attention on IaC and API code.
Our panel of industry experts and Government leadership will discuss the security implications with IaC and APIs and provide recommendations for addressing these new attack vectors.
ICIT Contributors and Panelists:
- Nicolas M. Chaillan– Chief Software Officer and Co-Lead for the DoD Enterprise DevSecOps Initiative, U.S. Air Force.
- Carrie Lee – Senior Technical Advisor U.S. Department of Veterans Affairs (former Director of Digital Transformation Security)
- Elizabeth Schweinsberg – Digital Services Expert at US Digital Service, HHS Team (former Cybersecurity and Incident Response at Facebook and Google)
- Moderator: Nick Sinai- Senior Advisor, Insight Partners, Harvard Kennedy School, Obama White House (former US Deputy CTO)